Wrong security attributes. Maybe a bug?

Bryn M. Reeves bmr at redhat.com
Thu Jan 22 10:51:25 UTC 2009


Joshua C. wrote:
> 2009/1/21 Steve Grubb <sgrubb at redhat.com>:
>> On Wednesday 21 January 2009 05:19:39 pm nodata wrote:
>>> On Tuesday, 20.01.2009, at 06:44 -0500, Steve Grubb wrote:
>>>> On Monday 19 January 2009 04:13:09 pm Manuel Wolfshant wrote:
>>>>> actually after chattr +i not even root can modify / delete the file:
>>>> True. But you can chattr -i ./foo and then edit the file remembering to
>>>> make it immutable again when you are done editing it. Not as automatic as
>>>> one might like, but that's how to do it.
>>> That would mean a race though. Better to fix directory permissions :)
>> The original question was about a file owned by root but readable by others. I
>> assume 0644 permissions. The root ownership still protects it.
>>
>> -Steve
>>
> 
> This makes part of it useless: If the owner is root but I still can
> delete/modify the file (because of dir permissions) then the ownership
> doesn't matter. The file was set to 444. The idea was to have a file
> that cannot be deleted/modified but only read by everyone regardless
> of the directory permissions. And the only suitable answer is to set
> it +i.
> 

Or make the directory sticky if you must give untrusted users write 
access to it and do not want them to be able to unlink or rename one 
another's files?

Bryn.
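
An added example, not part of the original message: a small audit helper that reports which non-owner classes can unlink or rename a file based on its parent directory's mode, run against a constructed temporary directory in the three states discussed in the thread (world-writable, sticky, owner-only). The function name `removable_by` and the sample paths are made up for illustration; ACLs and the `chattr +i` flag are not examined.

```python
import os
import stat
import tempfile

def removable_by(path):
    """Classes of non-owner users who can unlink or rename `path`.

    Unlink and rename are governed by the parent directory, not by the
    file's own mode or owner: write plus search permission on the
    directory is enough, unless the directory is sticky.
    """
    parent = os.path.dirname(os.path.abspath(path))
    mode = os.stat(parent).st_mode
    if mode & stat.S_ISVTX:
        # Sticky: only the file's owner, the directory's owner or root
        # may unlink or rename the entry.
        return []
    classes = []
    if mode & stat.S_IWGRP and mode & stat.S_IXGRP:
        classes.append("group")
    if mode & stat.S_IWOTH and mode & stat.S_IXOTH:
        classes.append("other")
    return classes

def demo():
    """Check a 0444 file in a constructed directory under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        shared = os.path.join(top, "shared")
        os.mkdir(shared)
        target = os.path.join(shared, "foo")
        with open(target, "w") as fh:
            fh.write("read-only data\n")
        os.chmod(target, 0o444)          # file itself is read-only
        os.chmod(shared, 0o777)          # world-writable, not sticky
        results["plain"] = removable_by(target)
        os.chmod(shared, 0o1777)         # same, with the sticky bit
        results["sticky"] = removable_by(target)
        os.chmod(shared, 0o755)          # only the directory owner writes
        results["owner_only"] = removable_by(target)
        # Mode 0444 does not stop removal by a user with directory write.
        os.unlink(target)
        results["unlinked_0444"] = not os.path.exists(target)
    return results

if __name__ == "__main__":
    print(demo())
```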
